Twitter said in the notification that the hackers are possibly associated with “a government,” and were trying to steal users’ email addresses, IP addresses and phone numbers attached to accounts. It’s unclear whether Twitter was compromised, or whether the accounts were targeted individually.

“At this time, we have no evidence they obtained your account information, but we’re actively investigating this matter,” Twitter said. “We wish we had more we could share, but we don’t have any additional information we can provide at this time.”

Many of those notified had loose ties to activism and privacy, including a Minnesota-based activist named Cassie who runs CryptopartyMN.

“I’ve been technical and political since I was a young kid, and I suspect that could be threatening to some in power,” she told Threatpost. “The question, of course, is who?

“I appreciated them sending the notice at all; however, it would’ve been nice for Twitter to send more info on the nature of the attacks and why they suspect it to be ‘state-sponsored actors,’” Cassie said. “I can understand they are currently investigating and may not want to reveal that info now, but I think it’s essential for those of us who received the notifications to know to properly assess the risk.”

A Canadian nonprofit technology outfit called coldhak was among the first to reveal it was targeted. Motherboard reported that coldhak speculates there could be a number of reasons it was targeted, including that founder Colin Childs does contract work for the Tor Project or that the company operates a number of Tor relays. Childs’ individual account also received a warning, Motherboard said.

Runa Sandvik, a privacy and security researcher and a former Tor Project developer, also received a notification.

“The notification was not terribly helpful. The message states that my account may have been targeted, but it does not say much about what I can or should do next,” Sandvik told Threatpost. “Should I change my password? My email? My phone number? I don’t know. In the meantime, these are the first known instances of Twitter warning its users of targeted attacks.”

She was critical of Twitter’s recommendation that victims use Tor on the Web because she says the social network frequently blocks its users.

“Twitter suggests I use Tor to protect my online identity. However, users who connect to Twitter over Tor and who also choose not to give Twitter their phone number often find that their accounts have been blocked,” Sandvik said. “Twitter claims it does not block Tor, but it doesn’t seem like it’s doing much to help Tor users either.”

Cassie had similar sentiments to Sandvik.

“I found their suggestion to use Tor to be a bit hilarious, not because it’s a wrong suggestion, but because Twitter regularly locks Tor users out because it’s flagged as suspicious traffic,” Cassie said. “Then, to regain access, Twitter asked for the phone numbers of those users. Now, we’re being told those phone numbers may have been targeted in these attacks.”

Facebook, in October, announced that it would begin warning users of nation-state attacks, which, because of their sophistication, warrant immediate attention.

Facebook said it would only issue such warnings where evidence strongly supports its findings, yet it would not share how it determines that state-sponsored attackers are behind an intrusion. Facebook also offered victims a technical mitigation: turning on a feature called LoginApprovals that alerts account owners when an account is accessed from a new device or browser.


This article was updated Dec. 14 with additional comments.

Source: Threatpost, “Twitter State-Sponsored Attack Notification,” by Michael Mimoso, published 2015-12-14. https://threatpost.com/twitter-warns-some-users-of-nation-state-attacks/115633/

{"result": {"hackread": [{"lastseen": "2018-03-19T14:20:16", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "references": [], "description": "By [Waqas](<https://www.hackread.com/author/hackread/>)\n\nControversies and scandals on Facebook don\u2019t seem to end anytime\n\nThis is a post from HackRead.com Read the original post: [Facebook Secretly Provided Analytic Firm Access to Million of Profiles](<https://www.hackread.com/facebook-provided-analytic-firm-access-to-user-profiles/>)", "reporter": "Waqas", "published": "2018-03-19T12:24:52", "type": "hackread", "title": "Facebook Secretly Provided Analytic Firm Access to Million of Profiles", "enchantments": {}, "bulletinFamily": "blog", "cvelist": [], "_object_type": "robots.models.rss.RssBulletin", "modified": "2018-03-19T12:24:52", "id": "HACKREAD:79DAF643F3F46E8C18F8739A99F4D9FD", "href": "https://www.hackread.com/facebook-provided-analytic-firm-access-to-user-profiles/", "cvss": {"score": 0.0, "vector": "NONE"}}], "schneier": [{"lastseen": "2018-03-19T11:40:59", "_object_types": ["robots.models.base.Bulletin", "robots.models.rss.RssBulletin"], "references": [], "description": "Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy [website](<https://amdflaws.com/>), detailed [whitepaper](<https://safefirmware.com/amdflaws_whitepaper.pdf>), cool vulnerability names -- RYZENFALL, MASTERKEY, FALLOUT, and CHIMERA -- and logos we've come to expect from these sorts of things. What's new is that the company only gave AMD a day's notice, which breaks with every norm about responsible disclosure. CTS Labs didn't release details of the exploits, only high-level descriptions of the vulnerabilities, but it is probably still enough for others to reproduce their results. This is incredibly irresponsible of the company.\n\nMoreover, the vulnerabilities are kind of meh. 
Nicholas Weaver [explains](<https://www.lawfareblog.com/researchers-find-serious-vulnerabilities-amd-processors>):\n\n> In order to use any of the four vulnerabilities, an attacker must already have _almost_ complete control over the machine. For most purposes, if the attacker already has this access, we would generally say they've already won. But these days, modern computers at least attempt to protect against a rogue operating system by having separate secure subprocessors. CTS Labs discovered the vulnerabilities when they looked at AMD's implementation of the secure subprocessor to see if an attacker, having already taken control of the host operating system, could bypass these last lines of defense.\n\nIn a \"[Clarification](<https://safefirmware.com/Whitepaper+Clarification.pdf>),\" CTS Labs kind of agrees:\n\n> The vulnerabilities described in amdflaws.com could give an attacker that has already gained initial foothold into one or more computers in the enterprise a significant advantage against IT and security teams. \n> \n> The only thing the attacker would need after the initial local compromise is local admin privileges and an affected machine. To clarify misunderstandings -- there is no need for physical access, no digital signatures, no additional vulnerability to reflash an unsigned BIOS. Buy a computer from the store, run the exploits as admin -- and they will work (on the affected models as described on the site).\n\nThe weirdest thing about this story is that CTS Labs describes one of the vulnerabilities, Chimera, as a backdoor. Although it doesn't t come out and say that this was deliberately planted by someone, it does make the point that the chips were designed in Taiwan. This is an incredible accusation, and honestly needs more evidence before we can evaluate it.\n\nThe upshot of all of this is that CTS Labs played this for maximum publicity: over-hyping its results and minimizing AMD's ability to respond. 
And it may have an [ulterior motive](<https://www.wired.com/story/amd-backdoor-cts-labs-backlash/>):\n\n> But CTS's website touting AMD's flaws also contained a disclaimer that threw some shadows on the company's motives: \"Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports,\" reads one line. WIRED asked in a follow-up email to CTS whether the company holds any financial positions designed to profit from the release of its AMD research specifically. CTS didn't respond.\n\nWe all need to demand better behavior from security researchers. I know that any publicity is good publicity, but I am pleased to see the stories critical of CTS Labs outnumbering the stories praising it.", "reporter": "Bruce Schneier", "published": "2018-03-19T11:27:36", "type": "schneier", "title": "Israeli Security Attacks AMD by Publishing Zero-Day Exploits", "enchantments": {}, "bulletinFamily": "blog", "cvelist": [], "_object_type": "robots.models.rss.RssBulletin", "modified": "2018-03-19T11:27:36", "id": "SCHNEIER:EA43519839B8AF1410F17A57D0B63A1C", "href": "https://www.schneier.com/blog/archives/2018/03/israeli_securit.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2018-03-19T05:38:30", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el6_9.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el6_9.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": 
"52.7.2-1.el6_9", "arch": "ppc64", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el6_9.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el6_9.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el6_9.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el6_9.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el6_9.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "aarch64", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el7_4.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el7_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el7_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "ppc64", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el7_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "ppc64le", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el7_4.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el7_4.s390.rpm", 
"operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el7_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el7_4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-52.7.2-1.el7_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "i686", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el6_9.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el6_9.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el6_9.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el6_9.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el6_9.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "52.7.2-1.el6_9", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el6_9.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "aarch64", "packageName": "firefox-debuginfo", "packageFilename": 
"firefox-debuginfo-52.7.2-1.el7_4.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "i686", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el7_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el7_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el7_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "ppc64le", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el7_4.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el7_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el7_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "52.7.2-1.el7_4", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-52.7.2-1.el7_4.x86_64.rpm", "operator": "lt"}], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 52.7.2 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.", "reporter": "RedHat", "published": "2018-03-19T07:31:41", "type": "redhat", "title": "(RHSA-2018:0549) Critical: firefox security update", "enchantments": {}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-5146"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-19T07:47:11", "id": "RHSA-2018:0549", "href": "https://access.redhat.com/errata/RHSA-2018:0549", "cvss": {"score": 0.0, "vector": "NONE"}}], "krebs": [{"lastseen": "2018-03-19T05:42:15", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "references": [], "description": "**Adrian Lamo**, the hacker probably best known for breaking into **The New York Times**'s network and for reporting **Chelsea Manning**'s theft of classified documents to the FBI, was found dead in a Kansas apartment on Wednesday. Lamo was widely reviled and criticized for turning in Manning, but that chapter of his life eclipsed the profile of a complex individual who taught me quite a bit about security over the years.\n\n![](https://krebsonsecurity.com/wp-content/uploads/2018/03/lamo-wiki.png)\n\nAdrian Lamo, in 2006. Source: Wikipedia.\n\nI first met Lamo in 2001 when I was a correspondent for **Newsbytes.com**, a now-defunct tech publication that was owned by **The Washington Post** at the time. 
A mutual friend introduced us over AOL Instant Messenger, explaining that Lamo had worked out a simple method allowing him to waltz into the networks of some of the world's largest media companies using nothing more than a Web browser.\n\nThe panoply of alternate nicknames he used on instant messenger in those days shed light on a personality not easily grasped: Protagonist, Bitter Geek, AmINotMerciful, Unperceived, Mythos, Arcane, truefaith, FugitiveGame.\n\nIn this, as in so many other ways, Lamo was a study in contradictions: Unlike most other hackers who break into online networks without permission, he didn't try to hide behind the anonymity of screen names or Internet relay chat networks.\n\nBy the time I met him, Adrian had already earned the nickname \"the homeless hacker\" because he had no fixed address, and found shelter most evenings in abandoned buildings or on friend's couches. He launched the bulk of his missions from Internet cafes or through the nearest available dial-up connections, using an old Toshiba laptop that was missing seven keys. His method was the same in every case: find security holes; offer to fix them; refuse payment in exchange for help; wait until hole is patched; alert the media.\n\nLamo had previously hacked into the likes of **AOL Time Warner,** **Comcast**, **MCI Worldcom, Microsoft, SBC Communications **and **Yahoo** after discovering that these companies had enabled remote access to their internal networks via Web proxies, a kind of security by obscurity that allowed anyone who knew the proxy's Internet address and port number to browse internal shares and other network resources of the affected companies.\n\nBy 2002, Lamo had taken to calling me on the phone frequently to relate his various exploits, often spoofing his phone number to make it look like the call had come from someplace ominous or important, such as The White House or the FBI. 
At the time, I wasn't actively taking any measures to encrypt my online communications, or to suggest that my various sources do likewise. After a few weeks of almost daily phone conversations with Lamo, however, it became abundantly clear that this had been a major oversight.\n\nIn February 2002, Lamo told me that he'd found an open proxy on the network of The New York Times that allowed him to browse the newsroom's corporate intranet. A few days after that conversation, Lamo turned up at Washingtonpost.com's newsroom (then in Arlington, Va.). Just around the corner was a Kinkos, and Adrian insisted that I follow him to the location so he could get online and show me his discovery firsthand.\n\nWhile inside the Times' intranet, he downloaded a copy of the Times' source list, which included phone numbers and contact information for such household names as Yogi Berra, Warren Beatty, and Robert Redford, as well as high-profile political figures - including Palestinian leader Yassir Arafat and Secretary of State Colin Powell. Lamo also added his own contact information to the file. My [exclusive story in Newsbytes](<https://web.archive.org/web/20020306005915/http://www.newsbytes.com/news/02/174792.html>) about the Times hack was soon picked up by other news outlets.\n\nIn August 2003, federal prosecutors issued an arrest warrant for Lamo in connection with the New York Times hack, among other intrusions. The next month, The Washington Post's attorneys [received a letter from the FBI](<https://www.rcfp.org/browse-media-law-resources/news/reporters-ordered-fbi-retain-notes-conversations-hacker>) urging them not to destroy any correspondence I might have had with Lamo, and warning that my notes may be subpoenaed.\n\nIn response, the Post opted to take my desktop computer at work and place it in storage. We also received a letter from the FBI requesting an interview (that request was summarily denied). 
In October 2003, the Associated Press ran a story saying the FBI didn't follow proper procedures when it notified reporters that their notes concerning Lamo might be subpoenaed (the DOJ's policy was to seek materials from reporters only after all other investigative steps had been exhausted, and then only as a last resort).\n\nIn 2004, Lamo pleaded guilty to one felony count of computer crimes against the Times, as well as LexisNexis and Microsoft. He was sentenced to six month's detention and two years probation, an ordered to pay $65,000 in restitution.\n\nSeveral months later while attending a formal **National Press Foundation** dinner at the Washington Hilton, my bulky [Palm Treo](<https://en.wikipedia.org/wiki/Palm_Treo>) buzzed in my suit coat pocket, signaling a new incoming email message. The missive was blank save for an unusually large attachment. Normally, I would have ignored such messages as spam, but this one came from a vaguely familiar address: adrian.lamo@us.army.mil. Years before, Lamo had told me he'd devised a method for minting his own .mil email addresses.\n\nThe attachment turned out to be the Times' newsroom source list. The idea of possessing such information was at once overwhelming and terrifying, and for the rest of the evening I felt certain that someone was going to find me out (it didn't help that I was seated adjacent to a table full of NYT reporters and editors). It was difficult not to stare at the source list and wonder at the possibilities. But ultimately, I decided the right thing to do was to simply delete the email and destroy the file.\n\n#### EARLY LIFE\n\nLamo was born in 1981 outside of Boston, Mass. into an educated, bilingual family. Lamo's parents say from an early age he exhibited an affinity for computers and complex problem solving. 
In grade school, Lamo cut his teeth on a [Commodore64](<https://en.wikipedia.org/wiki/Commodore_64>), but his parents soon bought him a more powerful IBM PC when they grasped the extent of his talents.\n\n\"Ever since he was very young he has shown a tendency to be a lateral thinker, and any problem you put in front of him with a computer he could solve almost immediately,\" Lamo's mother Mary said in an interview in 2003. \"He has a gifted analytical mind and a natural curiosity.\"\n\nBy the time he got to high school, Lamo had graduated to a laptop computer. During a computer class his junior year, Lamo upstaged his teacher by solving a computer problem the instructor insisted was insurmountable. After an altercation with the teacher, he was expelled. Not long after that incident, Lamo earned his high school equivalency degree and left home for a life on his own.\n\nFor many years after that he lived a vagabond's existence, traveling almost exclusively on foot or by Greyhound bus, favoring the affordable bus line for being the \"only remaining form of mass transit that offers some kind of anonymity.\" When he wasn't staying with friends, he passed the night in abandoned buildings or under the stars.\n\nIn 1995, Lamo landed contract work at a promising technology upstart called America Online, working on \"[PlanetOut.com](<https://en.wikipedia.org/wiki/PlanetOut_Inc.>),\" an online forum that catered to the gay and lesbian community. At the time, advertisers paid AOL based on the amount of time visitors spent on the site, and Lamo's job was to keep people glued to the page, chatting them up for hours at a time.\n\n**Ira Wing**, a security expert at one of the nation's largest Internet service providers, met Lamo that year at PlanetOut and the two became fast friends. 
It wasn't long before he joined in one of Lamo's favorite distractions, one that would turn out to be an eerie offshoot of the young hacker's online proclivities: exploring the labyrinth of California's underground sewage networks and abandoned mines.\n\nSince then, Lamo kept in touch intermittently, popping in and out of Wing's life at odd intervals. But Wing proved a trustworthy and loyal friend, and Lamo soon granted him power of attorney over his affairs should he run into legal trouble.\n\nIn 2002, Wing registered the domain \"freeadrian.com,\" as a joke. He'd later remark on how prescient a decision that had been.\n\n\"Adrian is like a fast moving object that has a heavy affect on anyone's life he encounters,\" Wing told this reporter in 2003. \"And then he moves on.\"\n\n#### THE MANNING AFFAIR\n\nIn 2010, Lamo was contacted via instant message by **Chelsea Manning**, a transgender Army private who was then known as **Bradley Manning**. The Army private confided that she'd leaked a classified video of a helicopter attack in Baghdad that killed 12 people (including two Reuters employees) to **Wikileaks**. Manning also admitted to handing Wikileaks some 260,000 classified diplomatic cables.\n\nLamo reported the theft to the FBI. In explaining his decision, Lamo told news publications that he was worried the classified data leak could endanger lives.\n\n\u201cHe was just grabbing information from where he could get it and trying to leak it,\u201d Mr. Lamo [told The ](<https://www.nytimes.com/2010/06/08/world/08leaks.html>)[Times in 2010](<https://www.nytimes.com/2010/06/08/world/08leaks.html>).\n\nManning was later convicted of leaking more than 700,000 government records, and received a 35 year prison sentence. In January 2017, President Barack Obama commuted Manning's sentence after she'd served seven years of it. 
In January 2018, Manning [filed to run for a Senate seat in Maryland](<https://www.nytimes.com/2018/01/13/us/politics/chelsea-manning-files-for-senate-run-in-maryland.html?rref=collection%2Ftimestopic%2FManning%2C%20Bradley%20E.&action=click&contentCollection=timestopics&region=stream&module=stream_unit&version=latest&contentPlacement=3&pgtype=collection>).\n\n#### HOMELESS IN WICHITA\n\nThe same month he reported Manning to the feds, Lamo [told Wired.com](<https://www.wired.com/2010/05/lamo/>) that he'd been diagnosed with [Asperger Syndrome](<https://en.wikipedia.org/wiki/Asperger_syndrome>) after being briefly hospitalized in a psychiatric ward. Lamo told Wired that he suspected someone had stolen his backpack, and that paramedics were called when the police responding to reports of the alleged theft observed him acting erratically and perhaps slurring his speech.\n\nWired later updated the story to note that Lamo's father had reported him to the Sacramento Sheriff's office, saying he was worried that his son was over-medicating himself with prescription drugs.\n\nIn 2011, Lamo [told news outlet Al Jazeera](<https://www.aljazeera.com/video/americas/2011/03/2011313202019296426.html>) that he was in hiding because he was getting death threats for betraying Manning's confidence and turning him in to the authorities. In 2013, he [told The Guardian](<https://www.theguardian.com/world/2013/jan/03/adrian-lamo-bradley-manning-q-and-a>) that he'd struggled with substance abuse \"for a while.\"\n\nIt's not yet certain what led to Lamo's demise. He was found dead in a Wichita apartment on March 14. According to [The Wichita Eagle](<http://www.kansas.com/news/local/article205629184.html>), Lamo had lived in the area for more than a year. The paper quoted local resident **Lorraine Murphy**, who described herself as a colleague and friend of Lamo's. 
When Murphy sent him a message in December 2016 asking him what he was up to, he reportedly replied \u201chomeless in Wichita.\"\n\n\u201cAdrian was always homeless or on the verge of it,\u201d Murphy is quoted as saying. \u201cHe bounced around a great deal, for no particular reason. He was a believer in the Geographic Cure. Whatever goes wrong in your life, moving will make it better. And he knew people all over the country.\u201d\n\nThe Eagle reports that Wichita police found no signs of foul play or anything suspicious about Lamo's death. A toxicology test was ordered but the results won't be available for several weeks.", "reporter": "BrianKrebs", "published": "2018-03-19T03:53:12", "type": "krebs", "title": "Adrian Lamo, \u2018Homeless Hacker\u2019 Who Turned in Chelsea Manning, Dead at 37", "enchantments": {}, "bulletinFamily": "blog", "cvelist": [], "_object_type": "robots.models.rss.RssBulletin", "modified": "2018-03-19T03:53:12", "id": "KREBS:837F236F1C33A14245A4F5BE1347519A", "href": "https://krebsonsecurity.com/2018/03/adrian-lamo-homeless-hacker-who-turned-in-chelsea-manning-dead-at-37/", "cvss": {"score": 0.0, "vector": "NONE"}}], "cert": [{"lastseen": "2018-03-19T16:46:40", "references": ["https://insights.sei.cmu.edu/cert/2018/03/the-curious-case-of-the-bouncy-castle-bks-passwords.html", "https://www.bouncycastle.org/releasenotes.html", "https://www.bouncycastle.org/releasenotes.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5382 ", "https://www.bouncycastle.org/", "https://cryptosense.com/blog/bouncycastle-keystore-security/", "https://cryptosense.com/blog/bouncycastle-keystore-security/", "https://tools.ietf.org/html/rfc7292#appendix-A", "https://tools.ietf.org/html/rfc7292#appendix-A"], "description": "### Overview\n\nBouncy Castle BKS version 1 keystore files use an HMAC that is only 16 bits long, which can allow an attacker to crack a BKS-V1 keystore file in seconds.\n\n### Description\n\n[Bouncy 
Castle](<https://www.bouncycastle.org/>) is a cryptographic library for C# and Java applications, including Android applications. BKS is a keystore format, which is designed to function similarly to a Sun/Oracle JKS keystore. BKS files can contain public keys, including certificates, as well as private keys. BKS files rely on password-based encryption to provide confidentiality and integrity protections to the keystore contents. \n\nThe first version of a BKS file contains a design flaw in the determination of the key size used to protect the data inside of the keystore. A SHA-1 hash function, which is 160 bits in length, is used in the BKS HMAC code. In a [RFC7292-compliant](<https://tools.ietf.org/html/rfc7292#appendix-A>) cryptographic algorithm, the MAC key size is the same size as the hash function being used. This means that the MAC key size should be 160 bits long for BKS files. However, the Bouncy Castle code for version 1 BKS files uses only 16 bits for the MAC key size. This means that regardless of password complexity, a BKS version 1 file can only have 65,536 different encryption keys. A valid password for a keystore can be bruteforced by attempting each of these key values, which can take only seconds. \n \nStarting with Bouncy Castle 1.47, which was [released](<https://www.bouncycastle.org/releasenotes.html>) on March 30, 2012, the BKS keystore format was updated to version 2, which uses a 160-bit MAC. Starting with Bouncy Castle 1.49, optional support for the original keystore format was reintroduced, as \"BKS-V1.\" \n \n--- \n \n### Impact\n\nA BKS file that was created with Bouncy Castle 1.46 or earlier, or 1.49 or later as the \"BKS-V1\" format will have insufficient protection against bruteforce cracking. An attacker with access to such a keystore file can crack the password in seconds, which will allow access to the keystore contents. 
\n \n--- \n \n### Solution\n\n**Do not rely on version 1 BKS keystore files** \n \nBKS version 1 keystore files are not cryptographically sound. Any private keys that reside in BKS-V1 keystores should be considered compromised if any attacker has had access to the keystore file. These private keys should be regenerated, and stored in a more robust [keystore format](<https://cryptosense.com/blog/bouncycastle-keystore-security/>). \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nLegion of the Bouncy Castle| | 08 Mar 2018| 19 Mar 2018 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23306792 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 3.6 | AV:L/AC:L/Au:N/C:P/I:P/A:N \nTemporal | 3.0 | E:F/RL:OF/RC:C \nEnvironmental | 3.0 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND \n \n### References\n\n * <https://insights.sei.cmu.edu/cert/2018/03/the-curious-case-of-the-bouncy-castle-bks-passwords.html>\n * <https://www.bouncycastle.org/releasenotes.html>\n * <https://cryptosense.com/blog/bouncycastle-keystore-security/>\n * <https://tools.ietf.org/html/rfc7292#appendix-A>\n\n### Credit\n\nThis vulnerability was reported by Will Dormann of the CERT/CC.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n * CVE IDs: [CVE-2018-5382 ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5382 >)\n * Date Public: 20 Mar 2012\n * Date First Published: 19 Mar 2018\n * Date Last Updated: 19 Mar 2018\n * Document Revision: 12\n\n", "edition": 1, "reporter": "CERT", "published": "2018-03-19T00:00:00", "title": "Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions", "type": "cert", "enchantments": {}, "bulletinFamily": "info", "cvelist": ["CVE-2018-5382", "CVE-2018-5382"], "modified": "2018-03-19T00:00:00", "id": "VU:306792", "href": "https://www.kb.cert.org/vuls/id/306792", "cvss": {"score": 0.0, 
"vector": "NONE"}}], "gentoo": [{"lastseen": "2018-03-19T05:26:19", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2018-4919", "https://bugs.gentoo.org/show_bug.cgi?id=646724", "https://nvd.nist.gov/vuln/detail/CVE-2018-4878", "https://nvd.nist.gov/vuln/detail/CVE-2018-4920", "https://bugs.gentoo.org/show_bug.cgi?id=650424", "https://nvd.nist.gov/vuln/detail/CVE-2018-4877", "https://nvd.nist.gov/vuln/detail/CVE-2018-4871"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "29.0.0.113", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-plugins/adobe-flash", "operator": "lt"}], "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-29.0.0.113\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2018-03-19T00:00:00", "title": "Adobe Flash Player: Multiple vulnerabilities", "type": "gentoo", "enchantments": {"score": null}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-4878", "CVE-2018-4871", "CVE-2018-4920", "CVE-2018-4919", "CVE-2018-4877"], "modified": "2018-03-19T00:00:00", "id": "GLSA-201803-08", "href": "https://security.gentoo.org/glsa/201803-08", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-19T05:26:19", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2018-6790", "https://bugs.gentoo.org/show_bug.cgi?id=647106", "https://nvd.nist.gov/vuln/detail/CVE-2018-6791"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "5.11.5-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "kde-plasma/plasma-workspace", "operator": "lt"}], "description": "### Background\n\nKDE Plasma workspace is a widget based desktop environment designed to be fast and efficient. \n\n### Description\n\nMultiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nAn attacker could execute arbitrary commands via specially crafted thumb drive\u2019s volume labels or obtain sensitive information via specially crafted notifications. \n\n### Workaround\n\nUsers should mount removable devices with Dolphin instead of the device notifier. 
\n\nUsers should disable notifications.\n\n### Resolution\n\nAll KDE Plasma Workspace users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=kde-plasma/plasma-workspace-5.11.5-r1\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2018-03-19T00:00:00", "title": "KDE Plasma Workspaces: Multiple vulnerabilities", "type": "gentoo", "enchantments": {"score": null}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-6790", "CVE-2018-6791"], "modified": "2018-03-19T00:00:00", "id": "GLSA-201803-09", "href": "https://security.gentoo.org/glsa/201803-09", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-19T05:26:19", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=629412", "https://nvd.nist.gov/vuln/detail/CVE-2017-18225", "https://bugs.gentoo.org/show_bug.cgi?id=631068", "https://bugs.gentoo.org/show_bug.cgi?id=623806", "https://nvd.nist.gov/vuln/detail/CVE-2017-10807", "https://nvd.nist.gov/vuln/detail/CVE-2017-18226"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.6.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-im/jabberd2", "operator": "le"}], "description": "### Background\n\nJabberD 2.x is an open source Jabber server written in C.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Gentoo\u2019s JabberD 2.x ebuild. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nAn attacker could possibly escalate privileges by owning system binaries in trusted locations, cause a Denial of Service condition by manipulating the PID file from jabberd2 services, bypass security via SASL ANONYMOUS connections or have other unspecified impacts. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nGentoo has discontinued support for JabberD 2.x and recommends that users unmerge the package: \n \n \n # emerge --unmerge \"net-im/jabberd2\"\n \n\nAs an alternative, users may want to upgrade their systems to use net-im/prosody instead of net-im/jabberd2.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2018-03-19T00:00:00", "title": "JabberD 2.x: Multiple vulnerabilities", "type": "gentoo", "enchantments": {"score": null}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-10807", "CVE-2017-18225", "CVE-2017-18226"], "modified": "2018-03-19T00:00:00", "id": "GLSA-201803-07", "href": "https://security.gentoo.org/glsa/201803-07", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-19T05:26:18", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2018-2582", "https://nvd.nist.gov/vuln/detail/CVE-2018-2633", "https://nvd.nist.gov/vuln/detail/CVE-2018-2639", "https://nvd.nist.gov/vuln/detail/CVE-2018-2638", "https://nvd.nist.gov/vuln/detail/CVE-2018-2641", "https://nvd.nist.gov/vuln/detail/CVE-2018-2588", "https://nvd.nist.gov/vuln/detail/CVE-2018-2627", "https://nvd.nist.gov/vuln/detail/CVE-2018-2634", "https://bugs.gentoo.org/show_bug.cgi?id=645268", "https://nvd.nist.gov/vuln/detail/CVE-2018-2618", "https://nvd.nist.gov/vuln/detail/CVE-2018-2637", "https://nvd.nist.gov/vuln/detail/CVE-2018-2599", "https://nvd.nist.gov/vuln/detail/CVE-2018-2579", "https://nvd.nist.gov/vuln/detail/CVE-2018-2603", "https://nvd.nist.gov/vuln/detail/CVE-2018-2581", "https://nvd.nist.gov/vuln/detail/CVE-2018-2629", "https://nvd.nist.gov/vuln/detail/CVE-2018-2602", "https://nvd.nist.gov/vuln/detail/CVE-2018-2663"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.8.0.162", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-java/oracle-jdk-bin", "operator": "lt"}, {"OS": "Gentoo", 
"OSVersion": "any", "packageVersion": "1.8.0.162", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-java/oracle-jre-bin", "operator": "lt"}], "description": "### Background\n\nJava Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today\u2019s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today\u2019s applications require. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Oracle\u2019s Java SE. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, gain access to information, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jdk-bin-1.8.0.162:1.8\"\n \n\nAll Oracle JRE users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jre-bin-1.8.0.162:1.8\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2018-03-19T00:00:00", "title": "Oracle JDK/JRE: Multiple vulnerabilities", "type": "gentoo", "enchantments": {"score": null}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2639", "CVE-2018-2638", "CVE-2018-2637", "CVE-2018-2581", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2629", "CVE-2018-2627", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2579"], "modified": "2018-03-19T00:00:00", "id": "GLSA-201803-06", "href": "https://security.gentoo.org/glsa/201803-06", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": 
[{"lastseen": "2018-03-19T16:38:54", "references": ["2018:0734_1", "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00047.html"], "pluginID": "1361412562310851720", "description": "Check the version of SDL2,", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-03-19T00:00:00", "title": "SuSE Update for SDL2, openSUSE-SU-2018:0734-1 (SDL2,)", "type": "openvas", "enchantments": {}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14441", "CVE-2017-14440", "CVE-2017-14442", "CVE-2017-14450", "CVE-2017-12122", "CVE-2017-14449", "CVE-2017-14448"], "modified": "2018-03-19T00:00:00", "id": "OPENVAS:1361412562310851720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851720", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2018_0734_1.nasl 9132 2018-03-19 11:22:37Z santu $\n#\n# SuSE Update for SDL2, openSUSE-SU-2018:0734-1 (SDL2,)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851720\");\n script_version(\"$Revision: 9132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-03-19 12:22:37 +0100 (Mon, 19 Mar 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-19 08:26:15 +0100 (Mon, 19 Mar 2018)\");\n script_cve_id(\"CVE-2017-12122\", \"CVE-2017-14440\", \"CVE-2017-14441\", \"CVE-2017-14442\", \n \"CVE-2017-14448\", \"CVE-2017-14449\", \"CVE-2017-14450\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for SDL2, openSUSE-SU-2018:0734-1 (SDL2,)\");\n script_tag(name: \"summary\", value: \"Check the version of SDL2,\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This update for SDL2 and SDL2_image fixes the following issues:\n\n - CVE-2017-14441: Code execution in the ICO image rendering (bsc#1084282).\n - CVE-2017-14440: Potential code execution in the ILBM image rendering\n functionality (bsc#1084257).\n - CVE-2017-12122: Potential code execution in the ILBM image rendering\n fuctionality (bsc#1084256).\n - CVE-2017-14448: Heap buffer overflow in the XCF image rendering\n functionality (bsc#1084303).\n - CVE-2017-14449: Double-Free in the XCF image rendering (bsc#1084297).\n - CVE-2017-14442: Stack buffer overflow the BMP image rendering\n functionality (bsc#1084304).\n - CVE-2017-14450: Buffer overflow 
in the GIF image parsing (bsc#1084288).\n\n Bug fixes:\n\n - boo#1025413: Add dbus-ime.diff and build with fcitx.\");\n script_tag(name: \"affected\", value: \"SDL2, on openSUSE Leap 42.3\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2018:0734_1\");\n script_xref(name: \"URL\" , value: \"http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00047.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"SDL2-debugsource\", rpm:\"SDL2-debugsource~2.0.8~18.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"SDL2_image-debugsource\", rpm:\"SDL2_image-debugsource~2.0.3~13.10.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2-2_0-0\", rpm:\"libSDL2-2_0-0~2.0.8~18.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2-2_0-0-debuginfo\", rpm:\"libSDL2-2_0-0-debuginfo~2.0.8~18.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2-devel\", rpm:\"libSDL2-devel~2.0.8~18.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2_image-2_0-0\", rpm:\"libSDL2_image-2_0-0~2.0.3~13.10.1\", 
rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2_image-2_0-0-debuginfo\", rpm:\"libSDL2_image-2_0-0-debuginfo~2.0.3~13.10.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2_image-devel\", rpm:\"libSDL2_image-devel~2.0.3~13.10.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2-2_0-0-32bit\", rpm:\"libSDL2-2_0-0-32bit~2.0.8~18.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2-2_0-0-debuginfo-32bit\", rpm:\"libSDL2-2_0-0-debuginfo-32bit~2.0.8~18.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2-devel-32bit\", rpm:\"libSDL2-devel-32bit~2.0.8~18.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2_image-2_0-0-32bit\", rpm:\"libSDL2_image-2_0-0-32bit~2.0.3~13.10.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2_image-2_0-0-debuginfo-32bit\", rpm:\"libSDL2_image-2_0-0-debuginfo-32bit~2.0.3~13.10.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libSDL2_image-devel-32bit\", rpm:\"libSDL2_image-devel-32bit~2.0.3~13.10.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-19T16:38:05", "references": ["2018-035a7a9ccc", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3FMLBOKBCT4YVJKWP4TYIRITAY5IVEO"], "pluginID": "1361412562310874244", "description": "Check 
the version of ImageMagick", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-03-19T00:00:00", "title": "Fedora Update for ImageMagick FEDORA-2018-035a7a9ccc", "type": "openvas", "enchantments": {}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-03-19T00:00:00", "id": "OPENVAS:1361412562310874244", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874244", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_035a7a9ccc_ImageMagick_fc27.nasl 9132 2018-03-19 11:22:37Z santu $\n#\n# Fedora Update for ImageMagick FEDORA-2018-035a7a9ccc\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874244\");\n script_version(\"$Revision: 9132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-03-19 12:22:37 +0100 (Mon, 19 Mar 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-19 08:31:16 +0100 (Mon, 19 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ImageMagick FEDORA-2018-035a7a9ccc\");\n script_tag(name: \"summary\", value: \"Check the version of ImageMagick\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"ImageMagick is an image display and \nmanipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, \nPNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color\nreduce, or add special effects to an image, and when finished you can either save \nthe completed work in the original format or a different one. ImageMagick also \nincludes command line programs for creating animated or transparent .gifs, creating \ncomposite images, creating thumbnail images, and more.\n\nImageMagick is one of your choices if you need a program to manipulate\nand display images. 
If you want to develop your own applications\nwhich use ImageMagick code or APIs, you need to install\nImageMagick-devel as well.\n\");\n script_tag(name: \"affected\", value: \"ImageMagick on Fedora 27\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2018-035a7a9ccc\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3FMLBOKBCT4YVJKWP4TYIRITAY5IVEO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.38~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-19T16:38:55", "references": ["http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00048.html", "2018:0737_1"], "pluginID": "1361412562310851721", "description": "Check the version of MozillaFirefox", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-03-19T00:00:00", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2018:0737-1 (MozillaFirefox)", "type": "openvas", "enchantments": {}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5146", "CVE-2018-5147"], "modified": "2018-03-19T00:00:00", "id": "OPENVAS:1361412562310851721", 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851721", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2018_0737_1.nasl 9132 2018-03-19 11:22:37Z santu $\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2018:0737-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851721\");\n script_version(\"$Revision: 9132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-03-19 12:22:37 +0100 (Mon, 19 Mar 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-19 08:26:34 +0100 (Mon, 19 Mar 2018)\");\n script_cve_id(\"CVE-2018-5146\", \"CVE-2018-5147\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2018:0737-1 (MozillaFirefox)\");\n script_tag(name: \"summary\", value: \"Check the version of MozillaFirefox\");\n script_tag(name: \"vuldetect\", value: \"Get the 
installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This update for Mozilla Firefox to version 52.7.2esr fixes security issues\n and bugs.\n\n Security issues fixed:\n\n - CVE-2018-5146: Specially crafted vorbis files could have been used to\n execute arbitrary code via an Out of bounds memory write (bsc#1085671,\n MFSA 2018-08)\n - CVE-2018-5147: Specially crafted vorbis files could have been used to\n execute arbitrary code via an Out of bounds memory write - used on ARM\n platforms (bsc#1085671, MFSA 2018-08)\n\n The following bug fixes are included:\n\n - Stability improvements in the Italian locale\");\n script_tag(name: \"affected\", value: \"MozillaFirefox on openSUSE Leap 42.3\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2018:0737_1\");\n script_xref(name: \"URL\" , value: \"http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00048.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~52.7.2~81.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~52.7.2~81.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~52.7.2~81.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~52.7.2~81.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~52.7.2~81.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~52.7.2~81.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~52.7.2~81.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~52.7.2~81.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-19T16:38:05", "references": ["2018-7011a8b0da", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HFIPV6CSDJQRRAUASCOE5NQFQGDSRFM"], "pluginID": "1361412562310874245", "description": "Check the version of firefox", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-03-19T00:00:00", "title": "Fedora Update for firefox FEDORA-2018-7011a8b0da", "type": "openvas", "enchantments": {}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-03-19T00:00:00", "id": "OPENVAS:1361412562310874245", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310874245", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7011a8b0da_firefox_fc26.nasl 9132 2018-03-19 11:22:37Z santu $\n#\n# Fedora Update for firefox FEDORA-2018-7011a8b0da\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874245\");\n script_version(\"$Revision: 9132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-03-19 12:22:37 +0100 (Mon, 19 Mar 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-19 08:31:16 +0100 (Mon, 19 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for firefox FEDORA-2018-7011a8b0da\");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or 
not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open-source web \nbrowser, designed for standards compliance, performance and portability.\n\");\n script_tag(name: \"affected\", value: \"firefox on Fedora 26\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2018-7011a8b0da\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HFIPV6CSDJQRRAUASCOE5NQFQGDSRFM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~59.0~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-19T16:38:03", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUEDMDDUXONMVRNOS2BHJLXIVJOPCH5X", "2018-a068ade416"], "pluginID": "1361412562310874246", "description": "Check the version of firefox", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-03-19T00:00:00", "title": "Fedora Update for firefox FEDORA-2018-a068ade416", "type": "openvas", "enchantments": {}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-03-19T00:00:00", "id": 
"OPENVAS:1361412562310874246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874246", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a068ade416_firefox_fc27.nasl 9132 2018-03-19 11:22:37Z santu $\n#\n# Fedora Update for firefox FEDORA-2018-a068ade416\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874246\");\n script_version(\"$Revision: 9132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-03-19 12:22:37 +0100 (Mon, 19 Mar 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-19 08:31:16 +0100 (Mon, 19 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for firefox FEDORA-2018-a068ade416\");\n script_tag(name: \"summary\", value: \"Check the version of firefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check 
if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Mozilla Firefox is an open-source web \nbrowser, designed for standards compliance, performance and portability.\n\");\n script_tag(name: \"affected\", value: \"firefox on Fedora 27\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2018-a068ade416\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUEDMDDUXONMVRNOS2BHJLXIVJOPCH5X\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~59.0.1~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "myhack58": [{"lastseen": "2018-03-19T16:37:37", "references": [], "description": "In this article, I to share the one I at last found the Edge of the browser vulnerabilities. This exploits the browser[XSS](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)filter the defects, to bypass another[XSS](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)defensive measures: CSP\uff08Content Security Policy, Content Security Policy. 
Note that this vulnerability does not bypass the XSS filter; it uses the filter to force an exploitable XSS vulnerability into pages that originally had none. \n0\u00d701 Background \nThe browser XSS filter was introduced in IE 8 to prevent reflected XSS attacks. Its basic principle is [reference 1,2,3]: since the attack is reflected, the value of a URL parameter must appear somewhere in the page. Of course, not every parameter reflected into the HTML page is XSS. For example, with example.com/index.php?id=12345, a page that contains 12345 obviously does not matter. But if example.com/index.php?id=alert(1) is reflected back inside a script element, an XSS attack is possible. The filter's decision logic is roughly this: it first determines whether any parameter in the GET or POST data may contain XSS code, a step the browser performs by matching against fairly complex built-in regular expressions. If the match succeeds, it then searches for whether the value of that parameter appears in the HTML returned by the server. If it does, the browser treats this as an XSS attack. 
The XSS filter in Edge and IE has two modes: one blocks the entire page once an attack is detected, the other tries to fix the XSS. The default is the second mode; the server can switch to the first mode by setting the HTTP header field X-XSS-Protection: 1; mode=block [reference 4]. \nHere is how Microsoft's browsers \u201ctry to fix XSS\u201d. For example, assume the URL is example.com/index.php?id=alert(1) and the HTML code contains alert(1); the browser then modifies this element in the HTML to alert(1). The modified HTML is then passed to the HTML parser. Because the r has been changed to #, the script element is broken, so the JavaScript code inside it is not executed. The embed, iframe, object, meta and other tags are broken the same way, by replacing one letter with #. \nThis repair method does fix some reflected XSS, but it also carries potential dangers. Ever since IE 8 introduced the XSS filter, researchers have abused the repair logic to inject XSS into pages that had no XSS vulnerability. A simple way to use it: for example, the page already has, and we construct the URL: example.com/index.php the?. IE and Edge will wrongly flag this as an XSS attack and repair it as described above; after the repair the code became, and so jquery.js cannot load. 
Of course this example is not a vulnerability: it is as if the jquery.js file did not exist, so functionality may be affected but there is no security issue. \nIn reference [5], the author mentions another way to use it, for example an img tag such as: where the value of alt is the injection point. Originally this tag does not execute code, but IE's repair is self-defeating and the onload is executed. \n0\u00d702 CVE-2017-0135 \nAbove we described using the filter's false positives to knock out jquery.js. Since it can knock out a script tag, can it also knock out other tags, especially security-related ones? Content Security Policy can be set in two ways: either in an HTTP header field or in the HTML. So I tried the following: if a site uses a meta tag to set the CSP, can I use the filter's false positives to knock out that meta tag so that the CSP fails? The conclusion is that I can. I constructed an HTML page (assume its URL is http://example.com/xss.html): \nhtml&gt; \nhead&gt; \ntitle&gt;CSP Testtitle&gt; \nmeta http-equiv=\"Content-Security-Policy\" content=\"script-src 'self'\"&gt; \nhead&gt; \nbody&gt; \nscript&gt;alert(document. 
domain);script&gt; \n\n\n**[1] [[2]](<89758_2.htm>) [next](<89758_2.htm>)**\n", "edition": 1, "reporter": "\u4f5a\u540d", "published": "2018-03-19T00:00:00", "title": "CVE-2017-0135 vulnerability analysis: the use of the Edge of the browser XSS filter bypass CSP-vulnerability warning-the black bar safety net", "type": "myhack58", "enchantments": {}, "bulletinFamily": "info", "cvelist": ["CVE-2017-0135"], "modified": "2018-03-19T00:00:00", "id": "MYHACK58:62201889758", "href": "http://www.myhack58.com/Article/html/3/62/2018/89758.htm", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "cve": [{"lastseen": "2018-03-19T14:24:37", "references": ["https://bugs.gentoo.org/628540"], "description": "The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).", "edition": 1, "reporter": "NVD", "published": "2018-03-18T22:29:00", "title": "CVE-2017-18240", "type": "cve", "enchantments": {}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-18240"], "scanner": [], "modified": "2018-03-18T22:29:00", "cpe": [], "id": "CVE-2017-18240", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18240", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-19T01:56:13", "references": ["https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/0x00222018"], "description": "In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222018.", "edition": 1, "reporter": "NVD", "published": "2018-03-18T02:29:00", "title": "CVE-2018-8765", "type": "cve", 
"enchantments": {"score": null}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8765"], "scanner": [], "modified": "2018-03-18T02:29:00", "cpe": [], "id": "CVE-2018-8765", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8765", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-19T01:56:13", "references": ["https://github.com/joyplus/joyplus-cms/issues/421"], "description": "joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add.", "edition": 1, "reporter": "NVD", "published": "2018-03-18T02:29:00", "title": "CVE-2018-8766", "type": "cve", "enchantments": {"score": {"modified": "2018-03-19T01:56:13", "value": 6.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8766"], "scanner": [], "modified": "2018-03-18T02:29:00", "cpe": [], "id": "CVE-2018-8766", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8766", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-19T01:56:13", "references": ["https://sourceware.org/bugzilla/show_bug.cgi?id=22976"], "description": "elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.", "edition": 1, "reporter": "NVD", "published": "2018-03-18T02:29:00", "title": "CVE-2018-8769", "type": "cve", "enchantments": {"score": {"modified": "2018-03-19T01:56:13", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-8769"], "scanner": [], "modified": "2018-03-18T02:29:00", "cpe": [], "id": "CVE-2018-8769", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8769", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2018-03-18T18:56:31", "references": ["https://bugzilla.suse.com/1085671"], 
"affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "52.7.2-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-52.7.2-81.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "52.7.2-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-52.7.2-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "52.7.2-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-52.7.2-81.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "52.7.2-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-52.7.2-81.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "52.7.2-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-52.7.2-81.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "52.7.2-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-52.7.2-81.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "52.7.2-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-52.7.2-81.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "52.7.2-81.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-52.7.2-81.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}], "description": "This update for Mozilla Firefox to version 52.7.2esr fixes security issues\n and bugs.\n\n Security 
issues fixed:\n\n - CVE-2018-5146: Specially crafted vorbis files could have been used to\n execute arbitrary code via an Out of bounds memory write (bsc#1085671,\n MFSA 2018-08)\n - CVE-2018-5147: Specially crafted vorbis files could have been used to\n execute arbitrary code via an Out of bounds memory write - used on ARM\n platforms (bsc#1085671, MFSA 2018-08)\n\n The following bug fixes are included:\n\n - Stability improvements in the Italian locale\n\n", "edition": 1, "reporter": "Suse", "published": "2018-03-18T15:11:21", "title": "Security update for MozillaFirefox (important)", "type": "suse", "enchantments": {"score": null}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-5146", "CVE-2018-5147"], "modified": "2018-03-18T15:11:21", "id": "OPENSUSE-SU-2018:0737-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00048.html", "cvss": {"score": 0.0, "vector": "NONE"}}]}}